A vulnerability has been disclosed in older D-Link routers that allows an attacker to gain admin privileges on the router. The following models are affected:
If your user agent is set to xmlset_roodkcableoj28840ybtide, you will be able to view and change settings on the device. As of today, D-Link has not posted a solution. If you have a wireless router matching one of the vulnerable models, you need to:
When D-Link posts a solution, you might want to ensure you are not using a default admin password. Check here for default wireless router passwords and look for the D-Link reference. If you have the default password, check this page for information on how to access the admin tool to change the password.
Manuel Humberto Santander Peláez |
Manuel Humberto Santander Peláez 194 Posts ISC Handler Oct 14th 2013 |
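To check whether requests carrying this User-Agent have reached a web server you run, and whether any were answered instead of rejected, access logs can be scanned as follows. This is an added example, not part of the original diary: it assumes the Apache/nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# User-Agent value named in the diary above.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Apache/nginx "combined" log format (assumption; adapt to your own format).
# Quoted fields tolerate backslash-escaped quotes inside the value.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

def find_probes(lines):
    """Return {source_ip: [(timestamp, request, status), ...]} for every
    request whose User-Agent contains the string (case-insensitive, so
    sloppy variants are flagged as well)."""
    hits = defaultdict(list)
    for line in lines:
        m = COMBINED.match(line.strip())
        if m and BACKDOOR_UA in m.group("ua").lower():
            hits[m.group("ip")].append(
                (m.group("ts"), m.group("request"), int(m.group("status")))
            )
    return dict(hits)

def answered(hits):
    """Source IPs that received a non-error (status < 400) reply to a probe.
    These deserve follow-up because the request was not rejected."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(status < 400 for _, _, status in reqs))

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Oct/2013:09:00:12 +0000] "GET / HTTP/1.1" 403 199 "-" "xmlset_roodkcableoj28840ybtide"
198.51.100.7 - - [14/Oct/2013:09:05:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [14/Oct/2013:11:42:03 +0000] "GET / HTTP/1.0" 200 812 "-" "XMLSET_roodkcableoj28840ybtide"
192.0.2.10 - - [14/Oct/2013:09:00:15 +0000] "GET / HTTP/1.1" 403 199 "-" "xmlset_roodkcableoj28840ybtide"
""".splitlines()

if __name__ == "__main__":
    probes = find_probes(SAMPLE_LOG)
    for ip, reqs in probes.items():
        print(ip, len(reqs), "request(s), statuses:", [s for _, _, s in reqs])
    print("answered without rejection:", answered(probes))
```
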
Oct 14th 2013 7 years ago |
FYI ... I just saw an attempt to use this exploit (around 09:00 GMT on 2013-10-14). I have no vulnerable router in the path so it was routed to my DMZ HTTP server and rejected there because of web server rules I have set up.
Don 3 Posts |
Oct 15th 2013 7 years ago |
I tried this against my DIR-825 and it seemed to not be vulnerable, though who knows if there's a string it would respond to. I've turned off my internet facing management page (which I already had restricted to 'from work only' so I could turn on remote desktop passthrough if I needed it).
Eric 12 Posts |
Oct 15th 2013 7 years ago |
D-Link has promised a firmware update to address this issue will be released by the end of October.
The updates will be listed on a security page on the D-Link website and in the download section of the support page for each affected product - http://www.dlink.com/uk/en/support/security |
toymaster 13 Posts |
Oct 15th 2013 7 years ago |